7b5c59e827
This allows to pass the multi-tenant enablement flag as a shared config option to the reva service. This needs to be done for all reva services since it ends up in a global variable in reva that is only initialized once, by the service that is the first to parse its config. See https://github.com/opencloud-eu/opencloud/issues/1563 for details.
Auth-Machine
The OpenCloud Auth Machine is used for interservice communication when using user impersonation.
OpenCloud uses serveral authentication services for different use cases. All services that start with auth- are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:
auth-apphandles authentication of external 3rd party appsauth-basichandles basic authenticationauth-bearerhandles oidc authenticationauth-machinehandles interservice authentication when a user is impersonatedauth-servicehandles interservice authentication when using service accounts
User Impersonation
When one OpenCloud service is trying to talk to other OpenCloud services, it needs to authenticate itself. To do so, it will impersonate a user using the auth-machine service. It will then act on behalf of this user. Any action will show up as action of this specific user, which gets visible when e.g. logged in the audit log.
Deprecation
With the upcoming auth-service service, the auth-machine service will be used less frequently and is probably a candidate for deprecation.